Crypto Lending Platform YouHodler Exposes Millions of Privacy Records
Cryptocurrency lending platform YouHodler exposed privacy data, including crypto wallet addresses, from thousands of its cryptocurrency users, vpnMonitor reports.
Data breach Is Severe with Widespread Implications
vpnMentor and a team led by data scientists Noam Rotem and Ran Locar discovered a significant cryptocurrency data breach affecting 86 million records. The data resided in the YouHodler database system.
YouHodler provides cryptocurrency lending services. It also allows users to instantly convert crypto assets to U.S. dollars or euros. In addition to Bitcoin, the lending platform supports BCH, ETH, LTC, XLM, XRP, DASH, REP, as well as other crypto-assets.
The YouHodler data breach exposed a massive amount of privacy data including users’ full names, email addresses, addresses, phone numbers, birthdays, credit card numbers, CVV numbers, full bank details, and crypto wallet addresses.
Investigators underlined how severe and extensive the breach’s implications are. For example, YouHodler tagged credit cards CVV (card verification value) numbers as “identity.” And these CVV numbers were entirely unencrypted.
Moreover, investigators added,
“Here, we found the card number in full, stored in plain text as well as the expiration date, but without the CVV number. However, the first example shows that we still found all of the details needed to take full control of the card – including CVV numbers.”
Data Exposed Allows Linking User Name to Crypto Wallet Address
Similarly, users’ full names, addresses, and bank details such as account number and SWIFT code were exposed. In some cases, records containing crypto wallet addresses were also exposed. As a result, investigators concluded,
“It was simple to link the account above to the Bitcoin wallet address. While the contents of crypto-wallets are publicly available, they are purposely anonymous. Linking a name and address to a wallet could have serious consequences.”
VpnMentor is a security research firm that advocates for web privacy. It described how the security team discovered the breach as follows,
“We found the leak in YouHodler’s database as part of our web-mapping project. Ran and Noam examine ports to find known IP blocks. Once they’ve discovered IP blocks, they look for holes in the system that would indicate an open database. Using their technical expertise, they can confirm the identity of a leak to trace the data back to its owner.”
Cryptocurrency lending services, such as YouHodler, had been seeing widespread adoption and had been becoming a vital service for the crypto industry.
After vpnMentor contacted YouHodler on July 22, 2019, YouHodler reportedly closed the breach the following day.
Do you think the YouHodler data breach will affect the crypto lending services adoption rate? Please let us know in the comments below!
Images via vpnMonitor